Orbital Help

Cisco Orbital is a service that adds osquery to Secure Endpoint to support detailed and fast queries for incident responders. Orbital is available to Secure Endpoint Advantage customers and currently supported on:

• Windows 10 (1803 or later) / 11
• Windows Server 2016 / 2019 / 2022
• macOS 10.15 / 11 / 12
• RedHat Enterprise Linux (and compatible distributions) 6.10 / 7 (7.2 or later) / 8
• Ubuntu 18.04 / 20.04
• Oracle Linux (UEK) 7 / 8
• Debian 10 / 11

Important Points of Note:

• Orbital supports the use of proxies, except SSL terminating proxies. All operating systems can be used with proxies.
• The screen captures in these Help topics may not always reflect the latest product names or UI enhancements.
• Apple’s M1 hardware is not currently supported.

About:

• What is Orbital? – What is Orbital and how can you use it?
• How Do I Get Orbital? – How can you get Orbital?
• Requirements – What do you need to use Orbital?
• Quick Start – How do you use Orbital to query Secure Endpoint endpoints?
• Orbital APIs – How to write applications that use Orbital.
• Remote Data Stores – Use the Orbital Remote Data Stores interface to send results to your choice of destinations.

User Interface:

• Query – Run and schedule queries.
  • Schedule Orbital Query – How to create Orbital scheduled queries.
• Results – Results are used to manage queries.
• Endpoints – View detailed endpoint information.
• Catalog – Find queries designed by Cisco to search and investigate.

SecureX Sign-On

• SecureX Sign-On Integration - Using Orbital with a SecureX Sign-On account.
• SecureX New Account - How to create a new SecureX account.

Support:

• Orbital Nodes – Discussion on Orbital Nodes.
• Alerts, Errors, Warnings – What errors could you see from Orbital?
• Troubleshooting – How to troubleshoot Orbital.
  • Windows Troubleshooting – How to troubleshoot Orbital on a Windows Endpoint.
  • macOS Troubleshooting – How to troubleshoot Orbital on a macOS* Endpoint.
• Glossary – Terms specific to Orbital.